From 853c2bf6e8f456a833345795b768ec42a293ff20 Mon Sep 17 00:00:00 2001 From: liningjie Date: Wed, 26 Jul 2023 22:09:47 +0800 Subject: [PATCH] CVE-2023-31972 --- CVE-2023-31972.patch | 28 ++++++++++++++++++++++++++++ yasm.spec | 6 +++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 CVE-2023-31972.patch diff --git a/CVE-2023-31972.patch b/CVE-2023-31972.patch new file mode 100644 index 0000000..41e44c5 --- /dev/null +++ b/CVE-2023-31972.patch @@ -0,0 +1,28 @@ +From 5ea57b131987e5a93a9b06c69262a29f32174383 Mon Sep 17 00:00:00 2001 +From: jiangjinjian +Date: Fri, 9 Jun 2023 15:37:45 +0800 +Subject: [PATCH] CVE-2023-31972 + +--- + modules/preprocs/nasm/nasm-pp.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c +index 403c065..275f4ab 100644 +--- a/modules/preprocs/nasm/nasm-pp.c ++++ b/modules/preprocs/nasm/nasm-pp.c +@@ -5103,6 +5103,11 @@ pp_getline(void) + * condition, in which case we don't want to meddle with + * anything. + */ ++ ++ if (istk == NULL) { ++ return NULL; ++ } ++ + if (!defining && !(istk->conds && !emitting(istk->conds->state))) + tline = expand_mmac_params(tline); + +-- +2.33.0 + diff --git a/yasm.spec b/yasm.spec index 033b770..abbe47d 100644 --- a/yasm.spec +++ b/yasm.spec @@ -1,11 +1,12 @@ Name: yasm Version: 1.3.0 -Release: 10 +Release: 11 Summary: NASM assembler License: BSD URL: http://yasm.tortall.net/ Source0: http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz Patch1: yasm-1.3.0-sw.patch +Patch2: CVE-2023-31972.patch BuildRequires: gcc bison byacc gettext-devel xmlto Provides: bundled(md5-plumb) @@ -47,6 +48,9 @@ rm -rf %{buildroot} %{_mandir}/* %changelog +* Wed Jul 26 2022 liningjie - 1.3.0-11 +- Fix CVE-2023-31972 + * Wed Oct 26 2022 wuzx - 1.3.0-10 - Add sw64 architecture -- Gitee